I know this is the centos6 forum; but no one's posted in the centos4 forum for close to two years - go figure. I have a client who's learning the hard way why you don't run obsolete operating systems to support mission critical applications. They just got a report of a vulnerability from the apache version running on their rhel4 systems; once again, go figure.

I've been searching for updated httpd rpms for rhel4 and am coming to the conclusion that, if we're going to upgrade httpd only, we're going to have to compile it ourselves.

The latest updates for CentOS 4 have been moved to http://vault.centos.org but since the EOL date for el4 was February 2012, there have been no updates there for 18 months. You can check there to see if there are newer packages that might fix the issue in question if it's an older CVE but I wouldn't hold out much hope.

The migration path from any older CentOS release to a newer one is to backup/reinstall/restore. CentOS 5 is still supported for about another 3 years and I guess that it might be easier to rebuild the latest el5 httpd SRPM on el4 than anything else. Migrating to a newer, supported release is the long term solution.

The CentOS 4 forums are still open for business and I've moved your post back to them as that's where it belongs.